Last Updated on June 14, 2017
It’s time to publish the first timeline of May, covering the main cyber attacks that occurred between the 1st and the 15th of what, as you will discover (and probably remember), was for sure one of the worst months ever…
So May did not start very well, with the massive phishing campaign targeting Gmail users and using OAuth to spread virally (for the first time on such a massive scale). Final damage report: more than one million accounts compromised. And if this was not enough, things got worse and WannaCry did the rest, with an unprecedented outbreak (74 countries), which could have been much worse without the presence of the infamous kill-switch domain.
Of course all this mess did not stop the crooks from carrying out other massive attacks against Bell Canada (1.9 million accounts compromised) and Edmodo.
Other notable events include the cyber attacks against Sabre Corp. and DocuSign, and an SS7 attack against German O2-Telefonica users.
The list of cyber espionage operations is also quite rich and includes: a new wave of attacks from the infamous Turla (AKA Snake AKA Uroburos); the discovery of a RAT dubbed KONNI, which has been targeting assets related to North Korea for at least 3 years; Operation WilySupply, targeting the supply chain of the designated victims; a new attack against Emmanuel Macron’s staff; the discovery of a new actor dubbed APT32 AKA OceanLotus Group; and the return of OilRig.
If you want to have an idea of how fragile our electronic identity is in cyberspace, have a look at the timelines of the main Cyber Attacks in 2011, 2012, 2013, 2014, 2015 and 2016 (regularly updated). You may also want to have a look at the Cyber Attack Statistics that are regularly published, and follow @paulsparrows on Twitter for the latest updates.
Additionally, feel free to submit remarkable incidents that in your opinion deserve to be included in the timelines (and charts), and if useful, you can access the timeline in Google Sheet format.
|1||02/05/2017||?||Gannett Co.||A phishing email attack potentially compromises the accounts of as many as 18,000 current and former employees of media company Gannett Co.||Account Hijacking||Industry: Media||CC||US|
|2||02/05/2017||?||HandBrake||The popular DVD-ripping HandBrake app is hacked to install a new variant of the Proton malware.||Malware||Org: Non-Profit||CC||FR|
|3||02/05/2017||?||Android users||Sophos reveals the details of Super Free Music Player, a fake music player app in the Google Play Store, downloaded by thousands of users since March 31st, and riddled with malware.||Mobile Malware||Single Individuals||CC||>1|
|4||02/05/2017||?||UK Banks||DomainTools reveals that hundreds of fake website domains are being used by hackers to mimic some of the most popular banking services in the UK in an attempt to trick victims into handing over personal details and sensitive login credentials.||Domain Squatting||Finance||CC||UK|
|5||02/05/2017||?||Sabre Corp. Hospitality Unit||Travel industry giant Sabre Corp. disclosed what could be a significant breach of payment and customer data tied to bookings processed through a reservations system that serves more than 32,000 hotels and other lodging establishments.||Malware||Industry: Travel Technology||CC||US|
|6||02/05/2017||?||City of Fitchburg||Fitchburg, Mass. city officials report that the Social Security numbers of 1,800 residents were compromised during a data breach that was discovered on April 14, but took place more than three years ago.||Unknown||Government||CC||US|
|7||02/05/2017||?||Wellington's Victoria University||Students and staff of Wellington's Victoria University have been warned their usernames and passwords may have been compromised in a data breach following unauthorised access to the university's IT systems.||Unknown||Education||CC||NZ|
|8||03/05/2017||?||Gmail users||A massive phishing campaign hits Google users and compromises about a million of its accounts by exploiting a fake app that abuses the OAuth authentication protocol.||Account Hijacking via OAuth||Single Individuals||CC||>1|
|9||03/05/2017||?||German O2-Telefonica users||O2-Telefonica in Germany confirms to Süddeutsche Zeitung that some of its customers have had their bank accounts drained using a two-stage attack that exploits SS7.||Account Hijacking via SS7 Vulnerability||Single Individuals||CC||DE|
|10||03/05/2017||Snake AKA Turla, AKA Uroburos||OSX Users||Fox-IT reveals that the infamous threat actor Snake (AKA Turla, AKA Uroburos) is back and ready to target OSX users.||Targeted Attack||Single Individuals||CE||>1|
|11||03/05/2017||?||Assets related to North Korea||Researchers from Cisco Talos reveal the details of an unknown Remote Administration Tool, dubbed KONNI, in use, undetected, for over 3 years.||Targeted Attack||>1||CE||>1|
|12||03/05/2017||Skyscraper||Multiple targets||Approximately 500,000 pediatric medical records, many from doctors' offices that didn't know they had been breached, are spotted for sale on the dark web.||Unknown||Healthcare||CC||US|
|13||03/05/2017||TuftsLeaks||Tufts University||A group calling itself TuftsLeaks publishes documents online that contain sensitive financial information from Tufts. The leak includes department budgets, the salaries of thousands of staff and faculty and the ID numbers of student employees with salaries listed.||Unknown||Education||CC||US|
|14||04/05/2017||TheDarkOverlord||Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery Center||TheDarkOverlord dumps 180,000 patients’ records from 3 hacks. The victims are: Aesthetic Dentistry, OC Gastrocare, Tampa Bay Surgery Center.||Unknown||Healthcare||CC||US|
|15||04/05/2017||?||Several high-profile technology and financial organizations||Microsoft reveals the details of Operation WilySupply, a sophisticated campaign exploiting the software remote update channel of the supply chain as an attack vector.||Targeted Attack||Several high-profile technology and financial organizations||CE||>1|
|16||04/05/2017||?||Charlotte Flair, Victoria||WWE divas Charlotte Flair and Victoria are the latest victims of the Celebgate leak.||Unknown||Single Individuals||CC||US|
|17||05/05/2005||?||Debenhams||Malware infects the backend systems used by British high street chain Debenhams, and steals 26,000 people's personal information in the process. The hack happened after compromising the systems at Ecomnova, the firm that runs the Debenhams Flowers business, for six weeks.||Malware||Industry: Retail||CC||UK|
|18||06/05/2005||?||Emmanuel Macron's Staff||The French presidential candidate Emmanuel Macron is targeted by a “massive and coordinated” hacking attack, hours before voters go to the polls. Tens of thousands of internal emails and other documents (9Gb) are released online.||Unknown||Org: Political Party||CC||FR|
|19||06/05/2005||?||Confluence Charter Schools||The network servers for Confluence Charter Schools are hacked, but school leadership say there is no evidence that student or employee data have been compromised.||Unknown||Education||CC||US|
|20||07/05/2017||?||FCC (Federal Communications Commission)||The FCC website is hit by a DDoS Attack.||DDoS||Government||CC||US|
|21||08/05/2017||?||Multiple targets||Bitdefender reveals the details of Netrepser, a cyber espionage campaign carried out using readily available software tools.||Malware||>1||CE||>1|
|22||09/05/2017||?||France||France's central bank warns of an increase in phishing attempts using its name and logo and email addresses purporting to be Bank of France ones.||Account Hijacking||Single Individuals||CC||FR|
|23||09/05/2017||Authors from Iran?||IP Cameras||Trend Micro reveals the details of Persirai, a new IoT botnet targeting IP cameras.||Malware||>1||CC||>1|
|24||09/05/2017||? (linked to North Korea?)||Unnamed Target||Cylance reveals the details of Paipeu, an unknown malware used as an infostealer.||Targeted Attack||N/A||CE||N/A|
|25||10/05/2017||?||Cedexis||A DDoS attack against Cedexis knocks out several major French news websites including Le Monde and Le Figaro.||DDoS||Industry: Content Delivery Network||CC||US|
|26||11/05/2017||An unidentified group, APT28 and Turla||Multiple targets||Security vendors ESET and FireEye this week issued separate advisories on cyberattacks involving the use of three Microsoft zero-day flaws: CVE-2017-0261, CVE-2017-0262, CVE-2017-0263. The attacks are carried out by an unidentified group and also by APT28 and Turla.||Targeted Attack||>1||CE||>1|
|27||11/05/2017||Russian Forces||Ukrainian Soldiers||Ukrainian soldiers are hit by an ongoing campaign of propaganda-texting. The campaign is attributed to Russian forces equipped with cell site simulators (IMSI-catchers).||Cell Site Simulators (IMSI-catchers)||Military||CW||UA|
|28||11/05/2017||nclay?||Edmodo||A hacker steals millions of user account details from popular education platform Edmodo, and the data is apparently for sale on the so-called dark web. The organization claims to have over 78 million members.||Unknown||Industry: Educational Technology||CC||US|
|29||12/05/2017||?||Multiple targets||The WannaCrypt ransomware worm, aka WanaCrypt or Wcry, explodes across 74 countries, infecting hospitals, businesses including FedEx, rail stations, universities, at least one national telco (Telefonica), and more organizations.||Malware||>1||CC||>1|
|30||12/05/2017||?||National University of Singapore (NUS), Nanyang Technological University (NTU)||Reports emerge that the two Singapore universities suffered APT (advanced persistent threat) attacks last month, with the attackers specifically targeting government and research data.||Targeted Attack||Education||CE||SG|
|31||12/05/2017||?||Brooks Brothers||U.S. clothing company Brooks Brothers reveals that payment card information of certain customers was compromised at some of its retail locations in the United States and Puerto Rico over 11 months until March.||PoS Malware||Industry: Clothes||CC||US|
|32||12/05/2017||?||Multiple targets||Researchers at Cylance reveal a new advanced threat, dubbed Baijiu, which uses heightened interest in North Korea and the GeoCities web service to prey on victims.||Targeted Attack||>1||CE||>1|
|33||14/05/2017||APT32 AKA OceanLotus Group||Multiple Targets with Interests in Vietnam||FireEye reveals the details of Operation Cobalt Kitty, a campaign carried out by APT32, an advanced threat group that conducts targeted intrusions at large multinational businesses with interests in Vietnam.||Targeted Attack||>1||CE||>1|
|34||15/05/2017||?||Bell Canada||Bell Canada says that 1.9 million customer account details have been stolen by unknown hackers, although no payment card numbers or passwords have been taken.||Unknown||Industry: Telco||CC||CA|
|35||15/05/2017||?||DocuSign||DocuSign acknowledges that a series of recent malware phishing attacks targeting its customers and users was the result of a data breach of one of its computer systems.||Unknown||Industry: SaaS||CC||US|
|36||15/05/2017||OilRig?||Unnamed Military Contractor||TrapX reveals that it repelled an attack against an unnamed military contractor carried out by Iranian hackers using a Russian toolset.||Targeted Attack||Industry: Defense Contractor||CE||US|
|37||15/05/2017||?||University of New Mexico Foundation||A month after discovering a computer server breach that may have compromised personal information for about 23,000 people, the University of New Mexico Foundation begins sending notification letters about the incident.||Unknown||Education||CC||US|